A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 31 March 2004. 
2a) [ ] This action is FINAL. 2b) [X] This action is non-final. 
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 1-22 is/are pending in the application. 
4a) Of the above claim(s) is/are withdrawn from consideration. 
5) [ ] Claim(s) is/are allowed. 
6) [X] Claim(s) 1-22 is/are rejected. 
7) [ ] Claim(s) is/are objected to. 
8) [ ] Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [ ] The specification is objected to by the Examiner. 
10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner. 
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a) [ ] All b) [ ] Some * c) [ ] None of: 
1. [ ] Certified copies of the priority documents have been received. 
2. [ ] Certified copies of the priority documents have been received in Application No. . 
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
DETAILED ACTION 

1. This action is responsive to: an original application filed on 31 March 2004. 

2. Claims 1-22 are currently pending in this application. Claims 1, 4, 7, and 15 are 
independent claims. 



Claim Rejections - 35 USC § 102 



3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for 
patent or (2) a patent granted on an application for patent by another filed in the United 
States before the invention by the applicant for patent, except that an international 
application filed under the treaty defined in section 351(a) shall have the effects for 
purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 
21(2) of such treaty in the English language. 

4. Claims 1-3, 7-12, and 15-20, are rejected under 35 U.S.C. 102(e) as being anticipated by 
Ke et al. U.S. Patent 7,093,280 (hereinafter '280). 

As to independent claim 1, "An apparatus, comprising: at least one reconfigurable 
processing device; at least one authentication processing device" is taught in '280 col. 1, 
line 65 through col. 2, line 9, note a data processing device in the processing system is equivalent 
to the reconfigurable processing device because the data processing device(s) as taught in '280 
can apply policies received therefore they are reconfigurable. In addition the authentication 
engine is interpreted to be equivalent to the authentication processing device; 

"and at least one interface processing device to be coupled to at least one of said 
reconfigurable processing device and said authentication processing device; wherein the 
apparatus is adapted to forward information to configure at least one of said 
reconfigurable processing device and said interface processing device, received by said 
apparatus, to said authentication processing device to verify that the information came 
from an authorized source" is shown in '280 col. 2, lines 10-18, note the 'interface processing 
device' is interpreted to be equivalent to the 'controller' that intercepts packets and applies the 
appropriate firewall policies and calls to an authentication engine. 

As to dependent claim 2, "wherein said interface processing device comprises at 
least one of a data firewall and a configuration firewall" is disclosed in '280 col. 5, 
lines 60-67, note when the firewall device acts like a common firewall this is interpreted to be 
equivalent to a 'data firewall' the configuration of the firewall device for each customer's 
policies and security needs is interpreted to be equivalent to a 'configuration firewall'. 

As to dependent claim 3, "wherein said interface processing device includes one or 
more data node registers to configure said data firewall to permit forwarding of data to at 
least one of said at least one reconfigurable processing device" is taught in '280 col. 7, 
lines 7-49, note the interface processing device is interpreted to be equivalent to the controller, 
the one or more data node registers is interpreted to be the allocated security system resources by 
the controller on an as needed basis, and the 'reconfigurable processing devices' are the firewalls 
with respect to the VPNs. 

As to independent claim 7, "A method, comprising: processing received information 
with a processing device specified by said received information if said received information 
comprises data and if the processing device is authorized to process said received 
information" is taught in '280 col. 4, lines 43-46; 
"and performing an authentication process on said received information if said 
received information does not comprise data for transmission" is shown in '280 col. 4, 
lines 23-28, note the management device processes the received information, the management 
device can perform authentication as well as regulating policies. 

As to dependent claim 8, "wherein said performing an authentication process 
comprises: forwarding said received information to an authentication device if said 
received information comprises a request to authorize one or more processing devices to 
process received information" is taught in '280 col. 7, lines 7-49. 

As to dependent claim 9, "wherein said performing an authentication process 
further comprises: forwarding at least a portion of said received information to a received 
information interface device; and configuring said received information interface device 
based at least in part on said at least a portion of said received information" is taught in 
'280 col. 7, lines 7-49. 

As to dependent claim 10, "wherein said performing an authentication process 
comprises: verifying that said received information is addressed to an authentication 
processing device if said received information comprises processing device configuration 
information; and taking security measures if said received information is not addressed to 
an authentication processing device" is shown in '280 col. 9, lines 41-59. 

As to dependent claim 11, "wherein said taking security measures comprises: re- 
addressing said received information to an authentication processing device" is disclosed in 
'280 col. 8, lines 32-67. 
As to dependent claim 12, "wherein said taking security measures comprises at least 
one of discarding said received information or performing a reset operation" is taught in 
'280 col. 8, lines 57-58. 

As to independent claim 15, this claim is directed to a machine-accessible medium 
containing software code that executes the method of claim 7; therefore it is rejected along similar 
rationale. 

As to dependent claims 16-20, these claims contain substantially similar subject matter to 
claims 8-12; therefore they are rejected along similar rationale. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

6. Claims 4-6 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ke et al. 
U.S. Patent 7,093,280 (hereinafter '280) in further view of Schain et al. U.S. Patent 6,944,706 
(hereinafter '706). 

As to independent claim 4, "A system, comprising: at least one reconfigurable 
processing device; at least one authentication processing device" is taught in '280 col. 1, 
line 65 through col. 2, line 9, note a data processing device in the processing system is equivalent 
to the reconfigurable processing device because the data processing device(s) as taught in '280 
can apply policies received therefore they are reconfigurable. In addition the authentication 
engine is interpreted to be equivalent to the authentication processing device; 

"at least one interface processing device to be coupled to at least one of said 
reconfigurable processing device and said authentication processing device" is shown in 
'280 col. 2, lines 10-18, note the 'interface processing device' is interpreted to be equivalent to 
the 'controller' that intercepts packets, applies the appropriate firewall policies, and calls the 
authentication engine; 

"wherein the system is adapted to forward information to configure at least one of 
said reconfigurable processing device and said interface processing device, received by the 
system, to said authentication processing device to verify that the information came from 
an authorized source" is shown in '280 col. 2, lines 10-18, note the 'interface processing 
device' is interpreted to be equivalent to the 'controller' that intercepts packets, applies the 
appropriate firewall policies, and calls the authentication engine; 

the following is not explicitly taught in '280: "at least one analog front-end device to be 
coupled to at least one of said at least one reconfigurable processing device; and an antenna 
selected from the group consisting of monopole antennas, dipole antennas, antenna arrays, 
loop antennas, planar antennas, and reflector-type antennas" however '706 teaches "Also 
coupled to the common bus 515 is a set of output connections for the broadband gateway 500. 
For example, if the broadband gateway 500 provides connectivity to a computer or computer 
network via an Ethernet port or a USB port, then coupled to the common bus 515 would be 
appropriate circuitry (540 and/or 545) for an Ethernet or USB port. Any required software 
support for the network connectivity could be provided in the CPU 520, or in specially designed 
controllers (not shown). If the broadband gateway 500 supports wireless connectivity, then an 
appropriate wireless circuit 550 and an analog front end (AFE) 555, along with an antenna 560 
would be present" in col. 13, lines 4-15. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
for a method using firewall techniques to process data packets, as taught in '280, to include a means to 
process external and internal packets. One of ordinary skill in the art would have been 
motivated to perform such a modification because of the need to reduce the duplication of 
modules, see '012 (col. 1, lines 59 et seq.). "A fairly common solution to the processing of 
external and local packets is to create two separate modules that are separately responsible for 
processing external packets and local packets. By separating the processing, it is much less likely 
that there would be interference since there is no interaction unless a packet crosses the interface. 
However, the separation of the processes can result in unnecessary duplication of modules, such 
as the communications protocol modules". 

As to independent claim 5, "further comprising: at least one host device to be 
coupled to said at least one interface processing device, the at least one host device adapted 
to provide information to be processed by at least one of said at least one reconfigurable 
processing device" is taught in '280 col. 7, lines 7-49. 

As to independent claim 6, "further comprising: at least one analog front-end 
interface device to couple between at least one of said at least one reconfigurable processing 
device and said at least one analog front-end device" is taught in '706 col. 13, lines 4-15. 
7. Claims 13, 14, 21, and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Ke et al. U.S. Patent 7,093,280 (hereinafter '280) in further view of Brownell U.S. Patent 
6,754,831 (hereinafter '831). 

As to dependent claim 13, the following is not explicitly taught in '280: 

"wherein, if said received information comprises processing device configuration 
information, said performing an authentication process comprises: verifying a primary 
signature included in said received information; and verifying a link signature included in 
said received information if said primary signature is valid" however '831 teaches tunnel 
configuration data for a user which include a user signature, note the 'primary signature' is 
interpreted to be equivalent to the user signature; the 'link signature' is interpreted to be equivalent 
to which third party signature authenticators in col. 11, lines 30-51 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
for a method using firewall techniques to process data packets, as taught in '280, to include verifying 
configuration changes with signatures. One of ordinary skill in the art would have been 
motivated to perform such a modification because of the disadvantages of most kinds of VPNs to 
selectively provide access to services see '831 (col. 4, lines 4 et seq.). "Yet another disadvantage 
of most kinds of virtual private networks is that users outside the primary network are granted 
similar access to the corporate network. Thus, such virtual private networks are unsuitable for 
common situations where it is desirable to "selectively" provide network access to various users 
on the same host, or to provide the same level of access to the same user on different external 
hosts. For example, an internal host ("clinical information server") in a hospital provides clinical 
information to clinical users. Patient confidentiality requires that access is generally denied to 
external hosts (i.e. hosts external to the hospital's network). Most virtual private networks do not 
concurrently prevent network access to the clinical server by one set of users, while permitting 
access to another set of users, e.g. doctors". 

As to dependent claim 14, "further comprising: forwarding at least a portion of said 
received information to an intended processing device if said link signature is valid" 
however '831 teaches the signature information is used to authenticate data packets transferred in 
col. 11, lines 30-51; 

"and using said at least a portion of said received information to configure said 
intended processing device" is shown in '280 col. 7, lines 7-49. 

As to dependent claims 21 and 22, these claims contain substantially similar subject 
matter to claims 13 and 14; therefore they are rejected along similar rationale. 

Conclusion 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Tran whose telephone number is 
(571) 272-3842. The examiner can normally be reached from 7:30 am to 4:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 






Ellen Tran 
Patent Examiner 
Technology Center 2134 
23 October 2007 



